1.Information we receive about end users (“End Users”) of third-party mobile applications (“apps”) that use our Software Development Kit (“SDK”), the AdView Technology Ad Exchange (“AdView ADX”) (collectively, the “AdView Technology Ad Services”), and
2.Information we receive through our website at www.adview.com or any other website on which this Policy is posted, as well as information we get through other corporate services and web portals we make available to clients and business partners (“AdView Technology Websites”). We describe the information received through the AdView Technology Websites in Section 5 below, entitled “Privacy Practices for the AdView Technology Websites.”
We encourage consumers to learn about how information (including information we collect) can be used to market to them, and how to exercise their choices to permit or limit such marketing. We describe ways consumers can exercise that choice or opt out of marketing in Section 4 below, entitled “Consumer Control and Opt-Out Options.”
1. INTRODUCTION AND BACKGROUND
AdView Technology provides mobile advertising technology services that facilitate transactions among advertisers, app developers, publishers of mobile websites and/or apps, and ad exchanges (collectively, “Clients”), and service providers and other data partners (collectively “Partners”). We do this by making available the AdView Technology Ad Services and other tools to Clients. Clients use the AdView Technology Ad Services and other tools to deliver advertising to End Users, and we in turn provide our services to help Clients (and their own customers) to deliver ads that are of interest to End Users. We explain what SDKs are in Section 3 below, entitled “Cookies, Pixel Tags, and SDKs,” which also explains how cookies and similar technologies (which we also use to provide the AdView Technology Ad Services) work.
2. PRIVACY PRACTICES FOR THE ADVIEW TECHNOLOGY AD SERVICES
a. INFORMATION COLLECTED THROUGH THE ADVIEW TECHNOLOGY AD SERVICES
Through the AdView Technology Ad Services, we may (but do not necessarily, or always) collect a variety of information about End Users (whether through our SDK or through other partnerships and tools such as Client-facing APIs), including:
•IP addresses, from which geographic location may be inferred, as well as system configuration information such as information about End Users’ operating system;
•Precise geolocation information (generally an End User’s latitude and longitude data);
•Mobile advertising identifiers, such as iOS IDFAs and Android Advertising IDs (collectively, “Mobile IDs”). These Mobile IDs may be associated with other information we collect through the AdView Technology Ad Services, from third parties, or through any other services we offer;
•Device type and other device information (e.g., whether you are using a smartphone or tablet, and related information);
•Mobile browser (e.g., Firefox, Safari, and Chrome);
•Other unique identifiers that may be associated with an End Users’ device, including identifiers provided by Clients or their service providers; and
•Email addresses, which we generally handle in or convert to “hashed” (i.e., machine-readable, but non-human readable) form.
We may combine and merge the various types of information collected from the AdView Technology Ad Services, and may also enhance it (or permit our Clients to enhance it) with information collected from third parties. We refer to all of the above information as the “Service Information.”
b. How We Use the Information Collected Through the AdView Technology Ad Services
We use the Service Information to provide a variety of services to our Clients related to advertising and marketing, including services we may describe elsewhere on AdView Technology Websites. This includes use of the Service Information for purposes such as to:
•Provide and improve the AdView Technology Ad Services. This includes, for example, providing customer, technical, and operational support for these features, detecting and protecting against errors, fraud, or other criminal activity, and resolving disputes and enforcing our terms and conditions and other rights we may have. This may also include analyzing, customizing, and improving the features of the AdView Technology Ad Services;
•Provide information and analytics to Clients about the use of app features provided through the AdView Technology Ad Services, or help Clients create or enhance user profiles for marketing or analytics purposes;
•Create inferences about End Users categorized into “Audience Segments” or to help Clients do so. For example, if the information we collect indicates that an End User likes apps (or clicks on ads) about travel, we may categorize the End User of that device as someone who is interested in travel;
•Develop and use data models that try to predict End Users’ potential future behavior and interests on a per-device basis or across devices;
•Analyze ad performance, for example, by attributing End Users’ app installations or mobile web visits to ad campaigns;
•Resolve identities across multiple devices, such as to match IP addresses or hashed emails to link an End User across, for example, mobile browsers, mobile devices, tablets, set top boxes, or other devices; and
•Combine the Service Information to perform (including by working with Clients and Partners) any of the above functions, or other advertising, marketing, or analytics services. Or, we may aggregate and create data models to do this, by creating algorithms in order to predict common interests among End Users. We may provide End Users’ email addresses (which we generally hash) to Clients that match this information to online cookies or Mobile IDs in their system, and tie the information or associated IDs to additional interest-based or demographic data about End Users. This may be done, for example, to target advertising or provide analytics to other parties.
We or our Clients may deploy online cookies to track End Users across mobile websites and/or apps, or to associate End Users and these cookies with Mobile IDs. We or our Clients may perform such functions to resolve End Users’ identities across mobile devices and to better or more accurately target relevant ads to End Users (such as to a brand’s customers). We may also append or combine certain elements of the Service Information (such as hashed email addresses) to other information provided by third party data providers, to learn more about End Users or to provide advertising and analytics services. You can learn more about cookies and similar technologies, such as web beacons and SDKs, in Section 3 below, entitled “Cookies, Pixel Tags, and SDKs.”
c. How We Share Information We Collect Through the AdView Technology Ad Services
Generally, we share the Service Information with Clients and Partners in order to provide the AdView Technology Ad Services. For example, we share the Service Information with:
•Clients and their marketing and service providers, so they may provide targeted content and advertising to End Users on mobile websites and/or apps;
•Other third parties that target advertising. This may include, for example, platforms that work directly with marketers (sometimes called demand-side platforms), analytics companies, data management platforms that help marketers maintain and use data, proximity solution providers, and other advertising technology providers. These companies may, for example, provide targeted content and advertising to End Users and others on third-party mobile websites and/or apps or other advertising media (such as email, direct mail, and display media);
•Clients and their marketing and service providers, to help measure the effectiveness of marketing or analyze their End Users’ likely interests or demographics;
•Partners to enhance consumer privacy, hash information, or send advertising offers by email or display advertising (which may be linked to a cookie as described above); and
•Third-party platforms to help advertisers identify common users across different mobile devices and/or mobile browsers.
Even when you no longer access our SDK, we may continue to use and share your information as described in this Policy.
The processes we described above often involve cookies or similar technologies, which may be associated with other information about End Users, such as End Users’ interests, demographics, or transactions. This is generally known as “interest-based advertising.” We encourage individuals who are interested in controlling or learning about this type of advertising to go to Section 4 below, entitled “Consumer Control and Opt-Out Options,” or go to the Digital Advertising Alliance’s (DAA’s) website at www.aboutads.info.
We may also share Service Information with third parties:
•Pursuant to a request or authorization by an End User or Client;
•If the disclosure is provided to: (a) comply in good faith with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders, or subpoenas, including for purposes of national security and law enforcement; (b) enforce our terms and conditions or other agreements; or (c) protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity;
•Where the information is aggregated or de-identified; and
•As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence).
3. COOKIES, PIXEL TAGS, AND SDKs
a. Cookies and Pixel Tags
Cookies are small data files containing a string of characters, such as unique browser identifiers. Cookies are stored on your computer or other device and act as unique tags that identify your browser. Our servers may deploy a cookie on your browser when you visit the AdView Technology Websites. Our Clients and Partners may do likewise on the AdView Technology Websites, our Clients’ and Partners’ websites, and elsewhere. AdView Technology may use both session cookies and persistent cookies. Persistent cookies, unlike session cookies, remain after you close your browser, and may be used by your browser on subsequent visits to any given website. Using persistent cookies, a site operator (or a third party they work with) can “remember” what you have previously done on a website and personalize the site, or ads you see, for you. This technology may also provide a site operator or third party (or us, when you visit the AdView Technology Websites) with information regarding your IP address, browser type, the web pages that you visit just before or after visiting a website, the web pages viewed, and the dates and times of your visits.
A pixel tag (also commonly known as a web beacon or clear GIF) is an invisible 1 x 1 pixel that is placed on certain web pages. When you access a web page with a pixel tag, the pixel tag may generate a generic notice of the visit, and permit us, or our Clients or Partners, to set or read cookies. Pixel tags are used in combination with cookies to track the activity on a website by a particular browser on a particular device. If you disable cookies, pixel tags simply detect a given website visit.
b. Mobile Device Identifiers and SDKs
We, or our Clients or Partners, may use or work with mobile SDKs (including our own SDK(s), which are described in more detail in this Policy) to collect information, such as mobile identifiers (e.g., iOS IDFAs and Android Advertising IDs), and information related to how mobile devices and their users interact with our AdView Technology Ad Services and those using our AdView Technology Ad Services. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services to be implemented. We may use this technology, for example, to analyze or measure certain advertising through apps and browsers based on information associated with your mobile device. If you would like to opt out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 4 below, entitled “Consumer Control and Opt-Out Options.”
Our Clients or Partners may use the above technologies (sometimes, in combination with each other or other data such as IP addresses or hashed or de-identified data files) to coordinate identifiers across platforms, browsers, or devices, in order to more efficiently analyze or target advertising.
4. CONSUMER CONTROL AND OPT-OUT OPTIONS
In most cases, consumers have control over whether or not they would like to receive relevant ads and marketing email from our Clients.
a. Opting Out of Online Interest-Based Advertising
You can opt out of many of the platforms and service providers we work with that support online interest-based advertising by visiting the Digital Advertising Alliance’s consumer education and opt-out page at http://www.aboutads.info (or the European Interactive Digital Advertising Alliance’s opt-out page at http://www.youronlinechoices.eu if you are located in the European Union). This type of opt out is cookie-based, which means that if you replace or upgrade your browser, or delete your cookies, you will need to opt out again. Opting out in this way will not prevent you from receiving ads; rather, the ads you see will be less customized to you.
b. Opting Out of Cross-App Advertising on Mobile Devices
You can opt out of having your mobile advertising identifiers used for certain types of interest-based mobile advertising (also called “cross-app advertising”), including those performed by AdView Technology, by accessing the settings on your Apple or Android mobile device, as follows:
•Apple Devices: If you have an Apple device, you can opt out of most cross-app advertising by updating to iOS 6.0 or higher and enabling “Limit Ad Tracking.”
oiOS 7 and Higher: Go to Settings → Privacy → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’
oiOS 6: Go to Settings → General → About → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’
•Android Devices: If you have an Android device, you can opt out of most cross-app advertising by going to Google Settings → Ads, and selecting the option to opt out of interest-based ads.
Please note that these platforms control how these settings work, so the above instructions may change. Likewise, if your device uses other platforms not described above, please check the settings for those devices.
c. Additional Choices
Advertisers may also provide ways for you to opt out from, or limit their collection of, certain information from and about you. Please refer to the privacy policies for retailers, apps, and mobile websites to learn more about their privacy practices.
You may opt out from receiving promotional emails from us, such as emails to inform you about events and new services, by following the “unsubscribe” instructions in any promotional email you receive, or by contacting us at firstname.lastname@example.org. Please note, however, that we may still send you non-promotional emails relating to your relationship with us.
5. PRIVACY PRACTICES FOR THE ADVIEW TECHNOLOGY WEBSITES
a. Information We Collect Through the AdView Technology Websites
The AdView Technology Websites provide information regarding AdView Technology and our products and services. Through the AdView Technology Websites, we collect information you voluntarily disclose to us, and we may also obtain automatically-collected information.
i. Information You Disclose to Us
When registering for an account, expressing an interest in obtaining additional information about AdView Technology or our products and services, or otherwise contacting us through the AdView Technology Websites, we collect information you voluntarily disclose to us, such as your name, mailing address, email address, telephone number, credit card number, and other billing information. You may also provide us with certain information about your business or other individuals.
ii. Automatically-Collected Information
We may also use third party-services, such as Google Analytics, that gather information such as your IP address, browser type, the web page from which you came to the AdView Technology Websites, and the times of your visit. In addition, as you browse the AdView Technology Websites, advertising cookies may be placed on your computer so that we can “remember” your interests. Our display advertising partners may then help us retarget ads to you on other sites based on your interactions with the AdView Technology Websites. To opt out of such interest-based mobile advertising, please see Section 4 above, entitled “Consumer Control and Opt-Out Options.” Opting out in this way will not prevent you from receiving ads; rather, the ads you see will be less customized to you.
b. How We Use Information We Collect Through the AdView Technology Websites
In addition to the uses described elsewhere in this Policy, we use the information we collect through the AdView Technology Websites (alone or in combination) to provide, market, improve, and operate the AdView Technology Websites, AdView Technology Ad Services, and any other products or services we have or may develop. This includes use of the information to:
•Fulfill your requests;
•Send information about our products and services, including marketing communications;
•Respond to your questions, concerns, or customer service inquiries;
•Create aggregated or de-identified information;
•Comply with applicable laws, prevent fraud, mitigate risk, and perform similar purposes;
•Understand usage trends and preferences;
•Analyze, improve, and provide products and services;
•Customize the content and advertising you see on the AdView Technology Websites, across the Internet, and elsewhere; and/or
•Perform other purposes at your request.
c. How We Share Information We Collect Through the AdView Technology Websites
We may share the information we collect through the AdView Technology Websites in the following situations:
•With your consent, including through this Policy;
•With our affiliates;
•With third parties that help us to operate our business and provide our services, such as entities that provide us with technical, customer, billing, administrative, event planning, marketing, or operational services;
•As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence);
•When required by law or in response to lawful process, such as a subpoena, or to cooperate in good faith with a request from a government or law enforcement agency or official, including for purposes of national security and law enforcement;
•If we believe sharing the information may prevent physical, financial or other harm, injury, or loss; or
•If we believe sharing the information is necessary to protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity.
With respect to aggregated or de-identified information, we may share such information without restriction.
6. DATA ACCESS AND RETENTION
Generally speaking, we retain the information collected from the AdView Technology Websites and AdView Technology Ad Services for as long as necessary to achieve our objectives as detailed in this Policy, and to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you are a resident of the European Union, you may obtain a copy of the information we have about you by contacting us at email@example.com. Please be advised that, due to the manner in which we collect information, we will only be able to provide you with such information if we can determine that the information is identifiable to you. Under extenuating circumstances, we reserve the right to charge a fee for providing you with such information, and that fee will be based on costs and fees we incur to fulfill your request.
7. DATA SECURITY
We have administrative, technical, and physical safeguards in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to protect the information from loss, misuse, or alteration. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your information.
To assist with data security, you understand that YOU ARE RESPONSIBLE FOR MAINTAINING THE SECRECY OF ANY ACCOUNT CREDENTIALS THAT CAN BE USED TO ACCESS ANY ACCOUNT WITH ADVIEW TECHNOLOGY. ANY ACTIONS TAKEN USING YOUR ACCOUNT CREDENTIALS ARE YOUR SOLE RESPONSIBILITY.
8. THIRD-PARTY WEBSITES AND APPS
This Policy only applies to the AdView Technology Websites and the AdView Technology Ad Services. We are not responsible for the privacy practices or disclosures of websites, developers, or apps that access or use the AdView Technology Websites or AdView Technology Ad Services. Likewise, when you access the AdView Technology Websites, you may be directed to other websites that are also beyond our control. We encourage you to read the applicable privacy policies and terms and conditions of such third parties and websites, and the industry tools that we have referenced in this Policy.
9. USERS FROM OUTSIDE THE UNITED STATES
The AdView Technology Websites and AdView Technology Ad Services are provided, supported, and hosted in the Hong Kong, and their operation is governed by Hongkong law. If you are using the AdView Technology Websites or AdView Technology Ad Services from outside Hongkong, be aware that your Information may be transferred to, stored, and processed in Hongkong and other countries where our facilities are located. The data protection and other laws of Hongkong might not be as comprehensive as those in your country. By using the AdView Technology Websites or AdView Technology Ad Services, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share your information as described in this Policy.
We may occasionally update this Policy to reflect changes to our privacy practices. The amended Policy will be displayed on the AdView Technology Websites. Please check our Policy regularly to ensure you have read the latest version and to stay informed of our privacy practices. Your continued access to and use of the AdView Technology Websites and AdView Technology Ad Services constitute your acknowledgement of this Policy and any updates.
11. CONTACTING US
If you have any questions regarding this Policy, please contact us at firstname.lastname@example.org or:
SHANGYOUJIA TECHNOLOGY (HK) LIMITED
RM 19C LOCKHART CTR 301-307, LOCKHART RD WAN CHAI,
Phone: +86 4000131400
Annex A DATA PROCESSING ADDENDUM
THIS DATA PROCESSING ADDENDUM
This Data Processing Addendum (“DPA”) reflects the parties’ agreement on the Processing of Personal Information that Privacy Laws and Regulations apply in regard thereof. For the purpose of this Annex A, you will be addressed as a “Customer”.
All capitalized terms not defined herein will have the meaning set forth in the Agreement. All terms under the Agreement apply to this DPA, except that the terms of this DPA will supersede any conflicting terms under the Agreement.
In the course of providing the service to Customer pursuant to the Agreement (the “Service“), AdView Technology may Process Personal Information on behalf of Customer. The parties agree to comply with the following provisions under this DPA with respect to Customer’s Personal Information processed by AdView Technology on behalf of Customer as part of the Services.
2.1. “Affiliate” means any legal entity directly or indirectly controlling, controlled by or under common control with a party to the Agreement, where “control” means the ownership of a majority share of the voting stock, equity, or voting interests of such entity.
2.2. “AdView Technology” means SHANGYOUJIA TECHNOLOGY (HK) LIMITED and its Affiliates.
2.3. “AdView Technology Information Security Policy” means the information security documentation applicable to the specific Service purchased by Customer, as updated from time to time, and made available by AdView Technology upon request.
2.4. “Individual” means a natural person to whom Personal Information relates, also referred to as “Data Subject” pursuant to EU data protection laws and regulations.
2.5. “Personal Information” means information about an identified or identifiable Individual, also referred to as “Personal Data” pursuant to EU data protection laws and regulations, which AdView Technology Processes under the terms of the Agreement.
2.6. “Personnel” means the employees, agents, consultants, and contractors of Customer and Customer’s Affiliates.
2.7. “Privacy Laws and Regulations” means Regulation (EU) 2016/679 (GDPR), when it takes effect, as applicable to the Processing of Personal Information under the Agreement.
2.8. “Privacy Shield” means the EU-US Privacy Shield Framework, as administered by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of July 12, 2016.
2.9. “Privacy Shield Principles” mean the Privacy Shield Principles, as supplemented by the Supplemental Principles and contained in Annex II to the European Commission Decision C(2016)4176 of July 12, 2016, as may be amended, superseded or replaced.
2.10. “Process” or “Processing” means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means, such as collection, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, blocking, erasure or destruction.
3.1. Scope and Roles. This DPA applies when Personal Information is Processed by AdView Technology as part of AdView Technology’s provision of the Service, as further specified in the Agreement and the applicable order form. In this context, to the extent that provisions under the GDPR apply to Personal Information that AdView Technology processes for Customer under the Agreement, Customer is the Data Controller and AdView Technology and applicable Affiliates are the Data Processor under such laws and regulations.
3.2. Instructions for AdView Technology’s Processing of Personal Information. AdView Technology will only Process Personal Information on behalf of and in accordance with Customer’s instructions. Customer instructs AdView Technology to Process Personal Information for the following purposes: (i) Processing in accordance with the Agreement and applicable order forms, including, without limitation to provide the Service, and for back-up and disaster recovery, cyber security, operations, control, improvements and development of AdView Technology’s Service, fraud and service misuse prevention and legal and administrative proceedings; and (ii) Processing to comply with other reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement and comply with applicable Privacy Laws and Regulations. Processing outside the scope of this DPA (if any) will require prior written agreement between AdView Technology and Customer on additional instructions for processing, including agreement on any additional fees Customer will pay to AdView Technology for carrying out such instructions.
NOTICE AND CONSENT
4.1. Customer undertakes to provide all necessary notices to Individuals and receive all necessary permissions and consents, as necessary for AdView Technology to process Personal Information on Customer’s behalf under the terms of the Agreement and this DPA, pursuant to the applicable Privacy Laws and Regulations.
4.2. To the extent required under the applicable Privacy laws and regulations, Customer will appropriately document the Individuals’ notices and consents.
RIGHTS OF INDIVIDUALS
5.1. Requests. AdView Technology will, to the extent legally permitted, promptly notify Customer if AdView Technology receives a request from an Individual, who’s Personal Information is included in Customer’s Personal Information, or a request by the Individual’s legal guardians, to exercise the right to access, correct, amend, or delete Personal Information related to the Individual, or to exercise such other personal right that the Individual is entitled to pursuant the applicable Privacy laws and regulations.
5.2. Assistance. AdView Technology will provide Customer with commercially reasonable cooperation and assistance in relation to handling the Individual’s request, to the extent legally permitted and to the extent Customer does not have access to such Personal Information through its use of the Service. Except if not permitted under the applicable Privacy laws and regulations, Customer will reimburse AdView Technology with any costs and expenses related to AdView Technology’s provision of such assistance.
5.3. Customer undertakes to direct individuals who wish to revoke their consent or to exercise their right to be forgotten to AdView Technology’s opt-out feature at: Privacy@adview.com
ASSISTANCE IN COMPLIANCE
At Customer’s written request, AdView Technology will cooperate with and make commercially reasonable efforts to assist Customer in complying with Customer’s obligations pursuant to Articles 32 to 36 to the GDPR, considering the nature of processing and the information available to AdView Technology.
ADVIEW TECHNOLOGY PERSONNEL
7.1. Limitation of Access. AdView Technology will ensure that AdView Technology’s access to Personal Information is limited to those personnel who require such access to perform the Agreement or provide its services.
7.2. Confidentiality. AdView Technology will impose appropriate contractual obligations upon its personnel engaged in the Processing of Personal Information, including relevant obligations regarding confidentiality, data protection, and data security. AdView Technology will ensure that its personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training in their responsibilities, and have executed written confidentiality agreements. AdView Technology will ensure that such confidentiality agreements survive the termination of the employment or engagement of its personnel.
AFFILIATES AND THIRD-PARTY SERVICE PROVIDERS
8.1. Affiliates. Some or all of AdView Technology’s obligations under the Agreement may be performed by AdView Technology Affiliates.
8.2. Agents. Customer acknowledges and agrees that AdView Technology and AdView Technology’s Affiliates respectively may engage third-party service providers in the performance of the Service on Customer’s behalf. All Affiliates and agents (also referred to as ‘other processors’ under the GDPR) to whom AdView Technology transfers Personal Information to provide the Service on behalf of Customer have entered into written agreements with AdView Technology or such other binding instruments that bind them by substantially the same material obligations under this DPA.
8.3. Liability. AdView Technology will be liable for the acts and omissions of its Affiliates and agents to the same extent that AdView Technology would be liable if performing the Service of each Affiliate or agent directly, under the terms of Agreement.
8.4. Objection. To ensure compliance with applicable Privacy Laws and Regulation, Customer may object to any engagement by AdView Technology with a new agent to Process Customer Personal Information on Customer’s behalf, within five (5) business days following AdView Technology’s notice to Customer of its engagement with the new agent. If Customer sends AdView Technology a written objection to the new agent, AdView Technology will make commercially reasonable efforts to provide Customer the same level of Service without the using the new agent to Process Customer Personal Information. Nothing in this section prejudices the parties’ rights and obligations under the Agreement.
ONWARD AND TRANS-BORDER TRANSFER
9.1. Transfer of Personal Information related to Individuals within the EU to AdView Technology’s data hosting services in the US is made in accordance with such hosting services’ self-certification with the Privacy Shield.
9.2. All AdView Technology Affiliates and agents to whom AdView Technology transfers Personal Information to provide the Service are certified to the Privacy Shield, or provide at least the same level of protection for the Personal Information as is required by the relevant principles of the Privacy Shield and comply with the requirements under the Privacy Shield for the onward transfer of Personal Information to agents, or have executed such other lawful instruments for lawfully transferring Personal Information related to Individuals within the EU to other territories, such as by executing the Standard Contractual Clauses in the form attached and incorporated by reference to this DPA as Exhibit A, or any successor thereof or an alternative lawful data transfer mechanism, or alternatively the Personal Information is transferred to a country with an adequacy recognition by the EU Commission.
10.1. Controls. AdView Technology will maintain administrative, physical and technical safeguards for the protection of the security, confidentiality and integrity of Customer’s Personal Information pursuant to the AdView Technology Information Security Policy. AdView Technology regularly monitors compliance with these safeguards. AdView Technology will not materially decrease the overall security of the Service during the term of the Agreement.
10.2. Policies and Audits.
Customer may audit AdView Technology’s compliance with its obligations under this Data Processing Addendum up to once per year (“Data Protection and Security Audit”), provided, however, that any Data Protection and Security Audit is subject to the following cumulative conditions: (i) The Data Protection and Security Audit will be pre-scheduled in writing with AdView Technology, at least 60 days in advance; (ii) All Customer personnel who perform the Data Protection and Security Audit, whether employed or contracted by Customer, will execute AdView Technology’s standard non-disclosure agreement prior to the initiation of the Data Protection and Security Audit, and a third party auditor will also execute a non-competition undertaking; (iii) Customer will take all necessary measures and verify that the auditors do not access, disclose or compromise the confidentiality and security of non-Customer data on AdView Technology’s information and network systems; (iv) Customer will take all measures to prevent any damage or interference with AdView Technology and its Affiliates’ information and network systems; (v) Customer will bear all costs and assume responsibility and liability for the Data Protection and Security Audit and for any failures or damage caused as a result thereof; (vi) Customer will keep the Data Protection and Security Audit results in strict confidentiality, will use them solely for the specific purposes of the Data Protection and Security Audit under this section, will not use the results for any other purpose, or share them with any third party, without AdView Technology’s prior explicit written confirmation; and (vii) If Customer is required to disclose the Data Protection and Security Audit results to a competent authority, Customer will first provide AdView Technology with a prior written notice, explaining the details and necessity of the disclosure, and will provide AdView Technology with all necessary assistance to prevent the disclosure thereof.
SECURITY BREACH MANAGEMENT AND NOTIFICATION
11.1. Breach prevention and management. AdView Technology will maintain security incident management policies and procedures and will, to the extent required by law, promptly notify Customer of any unauthorized access to, acquisition of, or disclosure of Customer Personal Information, by AdView Technology or its Affiliates or agents of which AdView Technology becomes aware of (a “Security Incident”).
11.2. Remediation. AdView Technology will promptly make reasonable efforts to identify and remediate the cause of such a Security Incident.
DELETION AND RETENTION OF PERSONAL INFORMATION
12.1. Data Deletion. After the end of the provision of the Service, AdView Technology will return Customer’s Personal Information to Customer or delete such data, including by de-identifying thereof.
12.2. Data Retention. Notwithstanding, Customer acknowledges and agrees that AdView Technology may retain copies of Customer Personal Information as necessary in connection with its routine backup and archiving procedures and to ensure compliance with its legal obligations and its continuing obligations under the applicable law, including to retain data pursuant to legal requirements and to use such data to protect AdView Technology, its Affiliates, agents, and any person on their behalf in court and administrative proceedings.
DISCLOSURE TO COMPETENT AUTHORITIES
AdView Technology may disclose Personal Information (a) if required by a subpoena or other judicial or administrative order, stock exchange or if otherwise required by law; or (b) if AdView Technology deems the disclosure necessary to protect the safety and rights of any person, or the general public.
ANONYMIZED AND AGGREGATED DATA
AdView Technology may process data based on extracts of Personal Information on an aggregated and non-identifiable forms, for AdView Technology’s legitimate business purposes, including for testing, development, controls, and operations of the Service, and may share and retain such data at AdView Technology’s discretion, provided that such data cannot reasonably identify an Individual.
This DPA will commence on the same date that the Agreement are effective and will continue until the Agreement are expired or terminated, pursuant to the terms therein.
16.1. AdView Technology’s compliance team is responsible to make sure that all relevant AdView Technology’s personnel adhere to this DPA.
16.2. AdView Technology’s compliance team can be reached at: email@example.com
Each Party will create an escalation process and provide a written copy to the other Party within five (5) business days of any dispute arising out of or relating to this DPA. The escalation process will be used to address disputed issues related to the performance of this DPA, including but not limited to technical problems. The Parties agree to communicate regularly about any open issues or process problems that require prompt and accurate resolution as set forth in their respective escalation process documentation. The Parties will attempt in good faith to resolve any dispute arising out of or relating to this DPA, before and as a prior condition for commencing legal proceedings of any kind, first as set forth above in the escalation process and next by negotiation between executives who have authority to settle the controversy and who at a higher level of management than the persons with direct responsibility for administration of this DPA. Any Party may give the other Party written notice of any dispute not resolved in the normal course of business. Within two (2) business days after delivery of the notice, the receiving Party shall submit to the other a written response. The notice and the response will include (a) a statement of each Party’s position and a summary of arguments supporting that position and (b) the name and title of the executive who will represent that Party and of any other person who will accompany the executive. Within five (5) business days after delivery of the disputing Party’s notice, the executives of both Parties shall meet at a mutually acceptable time and place, including telephonically, and thereafter as often as they reasonably deem necessary, to attempt to resolve the dispute. All reasonable requests for information made by one Party to the other will be honored. All negotiations pursuant to this clause are confidential and will be treated as compromise and settlement negotiations for purposes of applicable rules of evidence.
18.1. Any alteration or modification of this DPA is not valid unless made in writing and executed by duly authorized personnel of both parties.
18.2. Invalidation of one or more of the provisions under this DPA will not affect the remaining provisions. Invalid provisions will be replaced to the extent possible by those valid provisions which achieve essentially the same objectives.